Wms · Wms · CVE-2020-18106
Name of the Vulnerable Software and Affected Versions:
WMS version 1.0
Description:
The issue allows attackers to perform SQL injection due to the GET parameter `id` being passed without filtering.
Recommendations:
For WMS version 1.0, consider restricting access to the `id` parameter in the affected API endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter to minimize the risk of exploitation.